Hi Graham,

Your questions may be of general interest, clearly the DNS scope can be 
confusing.

Before I begin explaining your situation, let's recall the case we documented 
for Shamus recently for a single interface configuration.
====
Single Interface (only External Interface: defined) configuration:

1) In the Network tab, make the Hostname: and Domain: match that of the 
upstream DNS server.

2) Uncheck the "Local Domain" box.

3) Make sure no IPv4 (or IPv6/nn) addresses are defined in any of the "Internal 
Interfaces:" section fields.
====

Now, in your case, you have internal interfaces/networks.  As a rule the first 
defined internal interface (usually 1st LAN) will automatically have a 
/etc/hosts entry:
--
INTIP HOSTNAME.DOMAIN HOSTNAME
--

Note: Regardless if "Local Domain" is checked or unchecked, HOSTNAME will 
resolve to INTIP. The file /etc/hosts always has priority.

So, if you have internal interfaces/networks the DOMAIN should normally be 
unique and "Local Domain" should be checked.  For example DOMAIN could be 
"local" or I personally use "priv.abelbeck.com" as my AstLinux DOMAIN which 
does not occur anywhere in the public DNS.

Define your DNS hosts for your local devices by using the...
Network tab -> DNS Forwarder & DHCP Server { Configure DNS Hosts }

These values will be automatically added to the /etc/hosts file for DNS, 
"Restart DNS" to apply the changes.

Note the DHCP server will pass out DOMAIN so all local devices will have the 
scope of the *unique* local domain.


Things get confusing if you define the AstLinux DOMAIN with local networks to 
be the *same* as a public upstream DNS domain.  While this configuration is 
possible, a few pitfalls should be noted.
====
Local interfaces/networks defined using the *same* domain as a public upstream 
DNS domain: (not recommended)

1) In the Network tab, make the Hostname: and Domain: match that of the 
upstream DNS server.

2) Uncheck the "Local Domain" box.  This allows upstream lookups if the host is 
not found in /etc/hosts .

3) Any hosts defined in Network tab -> DNS Forwarder & DHCP Server { Configure 
DNS Hosts } will have priority over the upstream DNS server.

4) The first defined internal interface (usually 1st LAN) will automatically 
have a /etc/hosts entry and will have priority over the upstream DNS server.
====

I hope this is helpful, my best advice is to have a unique DOMAIN entry if you 
have local interfaces/networks defined, then locally define your host's DNS.

Lonnie



On Jun 25, 2012, at 11:10 AM, Graham S. Jarvis wrote:

> Hello again Lonnie,
> 
> Now that I have my routing sorted out I have a dns problem.  It looks like my 
> "localhost" nameserver lookups don't get passed on to the gateway if they 
> can't be answered here.
> 
> Excuse me that I SHOUT between all the output below but I thought you'd hear 
> me better.....
> 
> 
> FIRSTLY,
> 
> 4801_GW ~ # route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
> 192.168.207.0   *               255.255.255.0   U     0      0        0 eth2
> 192.168.107.0   *               255.255.255.0   U     0      0        0 eth1
> 224.0.0.0       *               240.0.0.0       U     0      0        0 eth2
> 224.0.0.0       *               240.0.0.0       U     0      0        0 eth1
> default         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
> 
> SO, MY ROUTE LOOKS OK.
> THE GATEWAY IS AN IP ON THIS MACHINE.
> 
> IF I PING OUT OF MY DOMAIN...
> 4801_GW ~ # ping google.com
> PING google.com (209.85.148.101): 56 data bytes
> 64 bytes from 209.85.148.101: seq=0 ttl=56 time=13.758 ms
> 64 bytes from 209.85.148.101: seq=1 ttl=56 time=12.267 ms
> 64 bytes from 209.85.148.101: seq=2 ttl=56 time=12.113 ms
> ^C
> --- google.com ping statistics ---
> 3 packets transmitted, 3 packets received, 0% packet loss
> round-trip min/avg/max = 12.113/12.712/13.758 ms
> 
> THAT'S GOOD
> 
> BUT
> 4801_GW ~ # ping infoservers.net
> ping: bad address 'infoservers.net'
> 4801_GW ~ # ping vpsv3.infoservers.net
> ping: bad address 'vpsv3.infoservers.net'
> 
> THAT'S BAD
> 
> 4801_GW ~ # ping infoservers.com
> PING infoservers.com (213.198.53.45): 56 data bytes
> 64 bytes from 213.198.53.45: seq=0 ttl=52 time=34.772 ms
> 64 bytes from 213.198.53.45: seq=1 ttl=52 time=35.231 ms
> 64 bytes from 213.198.53.45: seq=2 ttl=52 time=29.953 ms
> ^C
> --- infoservers.com ping statistics ---
> 3 packets transmitted, 3 packets received, 0% packet loss
> round-trip min/avg/max = 29.953/33.318/35.231 ms
> 
> INFOSERVERS.COM IS ON THE SAME SERVER.
> 
> SO, LET'S DOUBLE CHECK THAT I'M WHERE I THINK I AM.....
> LOGOUT AND BACK IN AGAIN:
> 
> gsj@ubuntu-tosh:~$ ssh root@192.168.207.249
> WARNING!!!
> This system is solely for the use of authorized users for official purposes.
> You have no expectation of privacy in its use and to ensure that the system
> is functioning properly, individuals using this computer system are subject
> to having all of their activities monitored and recorded by system
> personnel. Use of this system evidences an express consent to such
> monitoring and agreement that if such monitoring reveals evidence of
> possible abuse or criminal activity, system personnel may provide the
> results of such monitoring to appropriate officials.
> root@192.168.207.249's password:
> 4801_GW ~ # hostname -d
> infoservers.net
> 4801_GW ~ # hostname -f
> 4801_gw.infoservers.net
> 4801_GW ~ # hostname -i
> 192.168.107.249
> 
> HMMM, MY HOSTNAME IS CORRECT BUT I THOUGHT I WAS ON THE "207" NETWORK....
> I THOUGHT I'D CONNECTED VIA 192.168.207.249 ON eth2
> 
> 
> 4801_GW ~ # ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:00:24:C4:3F:CC
>           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:262290 errors:0 dropped:6 overruns:0 frame:0
>           TX packets:193437 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:307954125 (293.6 MiB)  TX bytes:22349036 (21.3 MiB)
>           Interrupt:10 Base address:0x8000
> 
> eth1      Link encap:Ethernet  HWaddr 00:00:24:C4:3F:CD
>           inet addr:192.168.107.249  Bcast:192.168.107.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:131565 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:132312 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:28269477 (26.9 MiB)  TX bytes:27474287 (26.2 MiB)
>           Interrupt:10 Base address:0xa000
> 
> eth2      Link encap:Ethernet  HWaddr 00:00:24:C4:3F:CE
>           inet addr:192.168.207.249  Bcast:192.168.207.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:329901 errors:1 dropped:2 overruns:1 frame:0
>           TX packets:392635 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:51100933 (48.7 MiB)  TX bytes:337112858 (321.4 MiB)
>           Interrupt:10 Base address:0x2000
> 
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:1775 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1775 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:152826 (149.2 KiB)  TX bytes:152826 (149.2 KiB)
> 
> AM I WHO I THINK I AM?
> 
> 4801_GW ~ # who
> USER       TTY      IDLE      TIME            HOST
> root       pts/0    00:00     Jun 25 17:04:06 192.168.207.207
> 
> LOOKS LIKE IT.
> 
> SO, hostname MUST BE GETTING ITS INFO FROM SOMEWHERE.
> HOW ABOUT HERE:
> 
> 4801_GW ~ # cat /etc/hosts
> # Automatically generated from internal state.
> 127.0.0.1       localhost
> 192.168.107.249 4801_gw.infoservers.net 4801_gw
> 192.168.107.249 x23.selfip.net
> #
> #/mnt/kd/hosts
> 192.168.107.250 ipbx.infoservers.net iPBX
> 4801_GW ~ #
> 
> WAIT A MINUTE.....
> WHY DOES THE /etc/hosts FILE GET GENERATED WITH 4801_GW ON THE "107" NETWORK????
> JUST BECAUSE I PUT "107" ON eth1 ?
> 
> THIS IS ALL VERY INTERESTING, BUT I DON'T THINK IT SOLVES MY DNS PROBLEMS.
> 
> IF I ADD:
> 213.198.53.45   infoservers.net
> INTO /etc/hosts THEN I CAN PING "infoservers.net"
> (but not vpsv3.infoservers.net)
> 
> AND IT DOESN'T HELP ME CONNECTING TO MY E-MAIL FROM THUNDERBIRD ON MY UBUNTU PC.
> PERHAPS IF I COULD ADD SOMETHING TO /etc/resolv.conf
> 
> 4801_GW ~ # cat /etc/resolv.conf
> search infoservers.net
> nameserver 127.0.0.1
> 
> EXCEPT IT IS RE-BUILT EACH TIME I RESTART dnsmasq.
> 
> 
> So,
> does anyone know a good book for me to read?
> 
> 
> All the Best!!!
> 
> -Graham-
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
> 
> 
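
The lookup order described in this reply, modelled as an added example (not part of the original e-mail and not AstLinux code). It reuses the /etc/hosts contents from the quoted message and assumes that a checked "Local Domain" box means names under DOMAIN are answered only from local data and never forwarded upstream; the function names are hypothetical.

```python
# Added illustration: a model of the resolution order, not the real resolver.
# HOSTS_TEXT is copied from the /etc/hosts output in the quoted message.
HOSTS_TEXT = """\
# Automatically generated from internal state.
127.0.0.1       localhost
192.168.107.249 4801_gw.infoservers.net 4801_gw
192.168.107.249 x23.selfip.net
#
#/mnt/kd/hosts
192.168.107.250 ipbx.infoservers.net iPBX
"""

def parse_hosts(text):
    """Return {lowercased name: ip}; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def in_domain(name, domain):
    """True if name is the domain itself or any host below it."""
    return name == domain or name.endswith("." + domain)

def resolve(name, hosts, domain, local_domain):
    """Return (source, ip); source is 'hosts', 'local-miss' or 'upstream'."""
    name = name.lower().rstrip(".")
    if name in hosts:                       # /etc/hosts always has priority
        return ("hosts", hosts[name])
    if local_domain and in_domain(name, domain.lower()):
        return ("local-miss", None)         # assumed: never forwarded upstream
    return ("upstream", None)               # handed to the upstream DNS server

def shadowed_names(hosts, domain):
    """Names under domain pinned locally; they hide any public record."""
    return sorted(n for n in hosts if in_domain(n, domain))

if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_TEXT)
    for local in (True, False):
        for q in ("infoservers.net", "vpsv3.infoservers.net",
                  "infoservers.com", "ipbx.infoservers.net"):
            print(local, q, resolve(q, hosts, "infoservers.net", local))
    print(shadowed_names(hosts, "infoservers.net"))
```

With the box checked and DOMAIN set to the public domain, every public name under it that is missing from /etc/hosts fails locally, which matches the "bad address" results in the quoted session; a unique DOMAIN avoids both that failure and the shadowing of public records.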

